Controlling shared disk data in a duplexed computer unit

ABSTRACT

In fault-tolerant systems it is known to write data into two separate disk drives. It is also known to duplex computers so that when one computer fails, the other computer can continue operating. In such a system, the active unit usually controls both disk drives. It is also known to cache in the main memory of the computer the most recently used areas of the disk drive, since it is likely that these areas (e.g. directories) must be read again soon. A problem occurs when using duplexed computers each of which is to be provided with a possibility of using the disk drive ( 14, 24 ) while the operation is expedited by caching in the main memories of the computers ( 10, 20 ). If one computer modifies the data in the disk drive, the other computer is not necessarily aware of this, and may keep using the outdated data in its memory. According to the invention, the computer ( 10 ) desiring to control the disk drive ( 14 ) reserves it for itself. If the reservation is successful, a disk task is performed. If the data in the disk drive ( 14 ) is changed, the other computer ( 20 ) is informed of this change and it erases from its memory the cached data corresponding to the changed data.

[0001] The invention relates to duplexed computer systems and especially to an arrangement with which two computer units can control data on the same disk drive.

[0002] In fault-tolerant systems that are used for example in switching centres, it is previously known to write data into two separate disk drives. It is also previously known to duplex computers so that when one computer unit fails, the other computer may continue the operation. In such a system, the active unit controls both disk drives. The passive unit is either in reserve or faulty, but it does not usually control the disk drives. It is also previously known to store in the main memory of the computer the most recently read areas of the disk drive, since it is likely that at least some of these areas (for example directories) must be read again soon.

[0003] With reference to FIG. 1, duplexed computers are usually arranged in such a way that only one (e.g. 10) of the computers 10 and 20 uses a disk drive 14 and/or a disk drive 24. The other computer (in this case 20) is then in reserve or faulty. A first disk drive bus 15 connects both computer units and the first disk drive 14. Correspondingly, a second disk drive bus 25 connects both computer units and the second disk drive 24. FIG. 1 shows an embodiment where each computer unit 10 and 20 comprises two disk drive controllers 13 a and 13 b, and 23 a and 23 b, respectively. Alternatively, each computer unit 10 and 20 might comprise one disk drive controller having two separate interfaces to the disk drive buses 15 and 25. The disk drive buses 15 and 25 may be for example SCSI (Small Computer Systems Interface) buses and the disk drives 14 and 24 may correspondingly be disk drives with SCSI interfaces. FIG. 1 also shows a bidirectional message bus 30 connecting the computers 10 and 20. Via the message bus 30 the computers 10 and 20 interchange maintenance messages, for example inquiries about each other's condition.

[0004] The system of FIG. 1 is shown with two disk drives 14 and 24 since in duplexed systems the disk drives are usually also duplexed. In this exemplary case, the disk drive buses have also been duplexed. As far as the invention is concerned, the disk drives 14 and 24 could also be connected to a common disk drive bus 15 or 25. However, the invention relates to controlling disk drives regardless of any other disk drives that the system may comprise. The number of disk drives and disk drive buses is therefore not essential to the invention.

[0005] Caching the data of the disk drive 14 in the main memory 12 of one computer 10 constitutes technology that is known to a person skilled in the art. The caching is based on the empirical observation that when a disk task is performed on some part of the disk drive 14, it is likely that another disk task is performed relatively soon on the same part. Therefore it is preferable to store in the main memory 12 the data corresponding to some of the most recently used areas of the disk drive 14. For the purpose of caching a disk drive, a certain area of the main memory 12 is usually reserved. Alternatively, the disk drive controllers 13 a and 13 b may contain a separate cache memory.

[0006] A problem occurs with the use of duplexed computers each of which is to be provided with the possibility of using at least one disk drive 14 and 24 while the operation is expedited by caching the disk drive in the main memories 12 and 22 of the computers 10 and 20. If one computer unit (e.g. 10) modifies the data on the disk drive 14, the other computer unit (in this case 20) is not necessarily aware of it. If this computer 20 relies on the cached data in its main memory without reading the recently updated data from the disk drive 14, the system gets confused. Due to fault-tolerance, the computer units 10 and 20 have separate main memories, so that the computers 10 and 20 cannot directly record in each other's main memories which areas of the disk drive 14 they have changed.

[0007] On the basis of the above, the object of the invention is to provide a method and a system with which two computer units can cache data in a shared disk drive in a reliable manner. The aims of the invention are achieved with methods and systems that are characterized by what is disclosed in the independent claims. The preferred embodiments are set forth in dependent claims.

[0008] The invention is based on the idea that a computer unit desiring to use a disk drive makes sure that another computer does not use the disk drive simultaneously, whereafter the computer checks if the other computer has modified any of the data in the disk drive. If the data in the disk drive has been changed, the cached data corresponding to this data is erased from the main memory. After this, a disk task is performed and the other computer unit is informed of the changed data in the disk drive.

[0009] The method and system according to the invention have the primary advantage that shared disk data can be controlled from two computers while data can still be cached in the main memories of the computers. Also, the invention requires only a few additions to the disk control software in order to be realized. The equipment usually need not be altered beyond the changes that the duplexing of the computer system requires in any case.

[0010] The invention will be described in greater detail in connection with preferred embodiments and with reference to FIG. 1 illustrating a duplexed computer unit comprising duplexed disk drives.

[0011] The method according to the invention for controlling a shared disk drive 14 from two computers 10 and 20 can be performed in the system shown in FIG. 1 for example in the following steps. Assume that the first computer 10 wants to use the first disk drive 14. Due to the system symmetry, the method operates in a corresponding manner from the other computer.

[0012] (i) It is checked whether the other computer 20 has sent notices of the changes it has made in the disk drive 14;

[0013] (ii) if the other computer 20 has sent notices of the changes it has made in the disk drive 14, the cached data corresponding to the changed areas of the disk drive 14 is erased;

[0014] (iii) a disk task is performed;

[0015] (iv) if the data in the disk drive 14 is changed in the disk task, the other computer is informed of the changed areas in the disk drive 14.

[0016] The disk task may include several commands to the disk drive 14. During this process the other computer 20 must be prevented in some way from using the disk drive 14. This is performed most advantageously in such a way that before the disk task the first computer 10 reserves the disk drive for itself for example with the SCSI command RESERVE. Correspondingly, the disk drive can be released after the disk task with the SCSI command RELEASE. The disk drive can be released after each disk task. The release may alternatively take place only when the other computer indicates that it needs to access the disk drive. This indication of the need for the disk drive can be forwarded either via the message bus 30 or the disk drive bus 15.

[0017] If the computer 10 does not manage to reserve the disk drive 14, the other computer 20 has reserved the disk drive. The first computer 10 may then transmit to the second computer 20 an indication that it needs the disk drive 14. After this the first computer 10 may try to reserve the disk drive 14 again.

[0018] The number or total duration of new attempts is preferably limited to a predetermined value. This predetermined time is selected such that the other computer 20 should be able to complete its disk task within this time and it should release the disk drive 14. Alternatively, there may be two predetermined time limits. The shorter time limit (for example 5 seconds) is used for short reservations, and the longer one (which may be several minutes) is used for long reservations, for instance during formatting and packing the disk drive.

[0019] If the other computer 20 does not release the disk drive 14 within the predetermined limit, an inquiry can be sent to this computer 20 asking whether it has reserved the disk drive 14. Unless the expected answer is received to this inquiry, it is concluded that the other computer 20 has become faulty while performing a disk task. In this case, a reset command is transmitted to the disk drive 14, which clears the reservation held by the faulty computer, and a new attempt at reservation is performed.
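The following simulation is an added worked example of the method of paragraphs [0012] to [0019] and is not part of the patent or of any disk control software. It models the reservation as a SCSI-style RESERVE/RELEASE that only a reset clears, the change notices, the cache invalidation in steps (i) and (ii), the release on the other computer's indication of need, and the reset after an unanswered inquiry. Simplifying assumptions: the attempt limit counts attempts rather than seconds, an idle computer that receives an indication of need releases the disk drive at once (a busy one releases after its disk task), and a faulty computer neither processes indications nor answers the inquiry. The class and method names are illustrative; the disk tasks in scenario() are constructed.

```python
"""Toy simulation of the shared-disk method: RESERVE/RELEASE, change notices
that invalidate the peer's cache, release on the peer's indication of need,
and reset of a disk held by a faulty peer. Not any real disk control software."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Disk:
    areas: dict = field(default_factory=dict)   # area name -> data on disk 14
    owner: Optional[str] = None                 # computer holding the reservation
    def reserve(self, who: str) -> bool:        # like SCSI RESERVE
        if self.owner in (None, who):
            self.owner = who
            return True
        return False
    def release(self, who: str) -> None:        # like SCSI RELEASE: holder only
        if self.owner == who:
            self.owner = None
    def reset(self) -> None:                    # a reset drops any reservation
        self.owner = None


class Computer:
    def __init__(self, name: str, disk: Disk, attempt_limit: int = 3):
        self.name, self.disk, self.attempt_limit = name, disk, attempt_limit
        self.cache: dict = {}          # cached disk areas (main memory 12 / 22)
        self.notices: list = []        # change notices received from the peer
        self.dirty: set = set()        # areas changed by the current task
        self.peer, self.peer_needs_disk = None, False
        self.busy, self.alive = False, True   # busy during a task; alive=False: faulty

    def on_need(self) -> None:
        """Peer needs the disk: release it now if idle, else after the task."""
        if not self.alive:
            return                     # a faulty unit processes nothing
        self.peer_needs_disk = True
        if not self.busy:
            self.disk.release(self.name)
            self.peer_needs_disk = False

    def on_inquiry(self) -> Optional[bool]:  # "have you reserved the disk?"
        return (self.disk.owner == self.name) if self.alive else None

    def acquire(self) -> None:
        for _ in range(self.attempt_limit):      # bounded number of attempts
            if self.disk.reserve(self.name):
                return
            self.peer.on_need()                  # indicate our need to the peer
        if self.peer.on_inquiry() is None:       # no answer: peer failed mid-task
            self.disk.reset()
            if self.disk.reserve(self.name):
                return
        raise RuntimeError(f"{self.name}: disk not released within the limit")

    def run_task(self, task, release_always: bool = False):
        self.acquire()
        self.busy = True
        for changed in self.notices:             # (i)-(ii): drop cached copies
            for area in changed:                 # of areas the peer has changed
                self.cache.pop(area, None)
        self.notices.clear()
        self.dirty = set()
        result = task(self)                      # (iii) the disk task itself
        if self.dirty:
            self.peer.notices.append(self.dirty) # (iv) tell the peer what changed
        self.busy = False
        if release_always or self.peer_needs_disk:
            self.disk.release(self.name)
            self.peer_needs_disk = False
        return result

    def read(self, area: str):
        if area not in self.cache:               # miss: fetch from the disk
            self.cache[area] = self.disk.areas.get(area)
        return self.cache[area]

    def write(self, area: str, data) -> None:
        self.disk.areas[area] = data
        self.cache[area] = data
        self.dirty.add(area)


def scenario() -> dict:
    disk = Disk()
    a, b = Computer("A", disk), Computer("B", disk)
    a.peer, b.peer = b, a
    a.run_task(lambda c: c.write("dir", "v1"), release_always=True)
    b.run_task(lambda c: c.read("dir"), release_always=True)   # B caches v1
    a.run_task(lambda c: c.write("dir", "v2"), release_always=True)
    stale = b.cache["dir"]                       # B's cached copy is outdated
    fresh = b.run_task(lambda c: c.read("dir"), release_always=True)
    a.run_task(lambda c: c.write("log", "x"))    # A keeps the reservation
    b.run_task(lambda c: c.write("log", "y"))    # A releases on B's need
    took_over = disk.owner == "B"
    b.alive = False                              # B fails holding the disk
    recovered = a.run_task(lambda c: c.read("log"))  # no answer -> reset
    return {"stale_cached": stale, "read_after_notice": fresh,
            "took_over_after_need": took_over, "read_after_peer_fault": recovered}
```

In scenario(), computer B still holds "v1" in its cache after A has written "v2", and only the notice processed at the start of B's next disk task makes it reread the area from the disk. The last step shows the failure mode of paragraph [0019]: A had cached its own "x", B overwrote it with "y" and then failed while holding the reservation, so A exhausts its attempts, gets no answer to the inquiry, resets the disk drive, and reads "y" rather than its stale copy.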

[0020] According to an embodiment of the invention, all signalling both between the computers 10 and 20 and from the computers to the disk drive 14 takes place via the disk drive bus 15. This embodiment is applicable especially when using disk drives with SCSI interfaces, since SCSI defines protocols by means of which commands other than those traditionally related to disk drives can also be transmitted. SCSI-2 is defined in the ANSI standard X3.131-1994.

[0021] According to another embodiment of the invention, the signalling between the computers 10 and 20 takes place via a message bus that is separate from the disk drive bus. This separate message bus 30 is shown in FIG. 1.

[0022] The method according to the invention is realized most preferably as a part of the disk control software of a duplexed computer system. The additions according to the invention to the disk control software are stored in the memory in which the rest of the disk control software is stored. If the signalling according to the invention between the computers is performed via a message bus that is separate from the disk drive bus and that connects the computers, this message bus does not necessarily constitute known technology. On the basis of the above description, it is apparent for a person skilled in the art how the signalling on the message bus is complemented in order to implement the method according to the invention.

[0023] From the above description it is also obvious for a person skilled in the art that as the technology advances, the basic idea of the invention can be realized in many different ways. The invention and the embodiments thereof are therefore not restricted to the above-described examples, but they may vary within the scope of the claims. 

1. A method of controlling a shared disk drive (14) in a system comprising at least two computers (10, 20), a shared disk drive (14), and a disk drive bus (15) connecting the computers (10, 20) and the disk drive (14), in which method the first computer (10) using the shared disk drive (14): checks before a disk task whether the second computer (20) has sent notices of changes it has made in the shared disk drive (14); in response to detected notices it erases from its buffer the data corresponding to the areas that have been changed in the shared disk drive (14); performs the disk task; and informs the second computer (20) of the data that has been changed in the disk drive (14), characterized in that after the disk task the first computer (10) using the shared disk drive (14) releases the disk drive (14) if the second computer (20) has indicated that it needs the disk drive (14).
 2. A method as claimed in claim 1 , characterized in that if the disk drive (14) cannot be reserved, the first computer (10) using the shared disk drive (14) indicates to the second computer (20) that it needs the disk drive (14).
 3. A method as claimed in claim 1 , characterized in that the first computer (10) using the shared disk drive (14) releases the reservation of the disk drive (14) if the second computer (20) does not provide a predetermined answer to the indication transmitted by the first computer about the need for the disk drive (14).
 4. A method as claimed in any one of claims 1 to 3 , characterized in that the signalling between the first computer (10) and the second computer (20) is performed via the disk drive bus (15).
 5. A method as claimed in any one of claims 1 to 3 , characterized in that the signalling between the first computer (10) and the second computer (20) is performed via a message bus (30) that is separate from the disk drive bus (15).
 6. A system for controlling a shared disk drive (14) from two computers (10, 20) at least one (10) of which comprises a memory (12) for buffering the data in the disk drive (14), the system also comprising a disk drive bus (15) connecting the computers (10, 20), and a disk drive (14), and disk management software comprising the following functions: restricting the use of the disk drive (14) for only one computer (10, 20) at a time; receiving a first signal with the first computer (10) from the second computer (20), and examining the first signal in order to detect whether the second computer (20) has made changes in the data of the disk drive (14); erasing from the memory (12) of the first computer (10) the data corresponding to the changes made by the second computer (20) in the data of the disk drive (14); generating a second signal with the first computer (10) and transmitting it to the second computer (20), the second signal indicating to the second computer (20) which data in the disk drive (14) has been changed by the first computer (10); characterized in that the disk management software further comprises a function in which the first computer (10) using the shared disk drive (14) releases the disk drive (14) after the disk task if the second computer (20) has indicated that it needs the disk drive (14).
 7. A system as claimed in claim 6 , characterized in that the signals between the computers (10, 20) propagate on the disk drive bus (15).
 8. A system as claimed in claim 6 , characterized in that at least some of the signals between the computers (10, 20) propagate via a message bus (30) that is separate from the disk drive bus (15).
 9. A system as claimed in claim 6 , characterized in that information about reserving the disk drive (14) is stored in the disk drive (14) and read from it.
 10. A system as claimed in claim 6 , characterized in that information about reserving the disk drive (14) is given to the remaining computer (10, 20) via the message bus (30). 